Community
cancel
Showing results for 
Search instead for 
Did you mean: 
3,063 Views

How to reset TPM on NUC6i5SYH device

Hi ,

When I try creating primary key on Linux OS based NUC6i5SYH, I get following error

./hierarchycontrol -hi p -he p

hierarchycontrol: failed, rc 000009a2

TPM_RC_BAD_AUTH - authorization failure without DA implications Session number 1

This due to some auth password is set by BIOS !!. and how to clear TPM from BIOS. There is no option to clear TPM in BIOS.

Can you provide steps to reset the TPM.

Thanks,

Vasu

Tags (1)
0 Kudos
9 Replies
LeonWaksman
Super User
907 Views

1. Disconnect power adapter cable.

2. Remove the bottom cover and remove the yellow security jumper.

3. Connect the power adapter and press the power button. NUC will boot into Configuratio Menu. It takes about 30 sec.

4. Press (2) to reset passwoards.

5. Power the NUC OFF. Disconnect the power adapter cable.Replace the security jumper (pins 1-2). Replace the bottom cover.

Leon

907 Views

Thanks for the input Leon.

I followed the steps and cleared password (option 2) and same steps I followed for clearing TPM (option 3).

I booted to Linux after clearing the passwords and TPM, but still I am facing the same issue.

 

I am not able to create primary key.

following is the command (I am using IBM TSS2.0 tools) and error message

./createprimary -hi p - tk printk.bin -ch prich.bin

hierarchycontrol: failed, rc 000009a2

TPM_RC_BAD_AUTH - authorization failure without DA implications Session number 1

Above error means auth is not NULL, I am not sure if BIOS is setting any auth password.

OR I may be missing something. I am very new to the TPM.

Can you provide appropriate steps to generate primary key

Thanks,

Vasu.

 

idata
Community Manager
907 Views

Hello devarao

 

 

Thank you for your response.

 

 

Could you access BIOS with F2 go to Boot> secure Boot, and select secure boot and clear secure boot data. Use F10 to exit and save changes; access bios again and you should see that the security features would appear as not installed, once this is done unchecked the secure boot and try the configuration that you are running on the operating system.

 

 

Best Regards,

 

Leonardo C.

 

idata
Community Manager
907 Views

Hello devarao

 

 

I was checking your case and would like to know if you need further help. If so, please do not hesitate in replying back.

 

 

Regards,

 

Leonardo C.

 

907 Views

Hi Leonardo C,

I tried the steps given. I selected secure boot option and cleared the secure boot data and next boot I unchecked the secure boot option. but Security Features still enabled. please find the attached screen pics for reference. Still I booted (OS supports Legacy boot,so booting in legacy mode, not sure if that makes any difference) and tried creating primary key. It still shows the same error.

hierarchycontrol: failed, rc 000009a2

TPM_RC_BAD_AUTH - authorization failure without DA implications Session number 1

Thanks,

Vasu

idata
Community Manager
907 Views

Hello devarao

 

 

Thank you for the information.

 

 

Not to assume anything, do you have the BIOS version 0068 (Latest) installed on you NUC? If you don't please refer to the following link https://downloadcenter.intel.com/download/28045/BIOS-Update-SYSKLi35-86A-?product=89190 https://downloadcenter.intel.com/download/28045/BIOS-Update-SYSKLi35-86A-?product=89190, you could update the BIOS following the steps on the following link https://www.intel.com/content/www/us/en/support/articles/000005850/mini-pcs.html https://www.intel.com/content/www/us/en/support/articles/000005850/mini-pcs.html.

 

 

Have you tried the following?Hope this help.

 

 

Best Regards,

 

Leonardo C.

 

idata
Community Manager
907 Views

Hello devarao

 

 

I was checking your case and would like to know if you need further help. If so, please do not hesitate in replying back.

 

 

Regards,

 

Leonardo C.

 

Harsha
Employee
800 Views

Hi, I am getting this error:

WARNING:esys:../src/tss2-esys/api/Esys_Clear.c:282:Esys_Clear_Finish() Received TPM Error
ERROR:esys:../src/tss2-esys/api/Esys_Clear.c:97:Esys_Clear() Esys Finish ErrorCode (0x00000921)
ERROR: Esys_Clear(0x921) - tpm:warn(2.0): authorizations for objects subject to DA protection are not allowed at this time because the TPM is in DA lockout mode
ERROR: Unable to run tpm2_clear
Please clear the TPM before installing.

I tried the following in Intel NUC8i7BEH

access BIOS with F2 go to Boot> secure Boot, and select secure boot and clear secure boot data. Use F10 to exit and save changes.

However still observing this issue.

What further can be done now?

Harsha
Employee
768 Views

The solution provided above:

Removing the yellow security jumper and then in config mode clearing TPM works for me.

Thanks

Reply